tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeanfrancois Arcand <jfarc...@apache.org>
Subject Re: RE : RE : RE : RE : RE : how to access Subject after authentifica tion
Date Wed, 21 Jul 2004 15:58:06 GMT


LERBSCHER Jean-Pierre wrote:

>In fact my java options are :
>
>JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas
>.config
>
>-----Message d'origine-----
>De : LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr] 
>Envoyé : mercredi 21 juillet 2004 12:13
>À : 'Tomcat Users List'
>Cc : 'Jeanfrancois Arcand'
>Objet : RE : RE : RE : RE : how to access Subject after authentification
>
>The command line is ok !
>
>But I have an exception :
>Caused by: java.io.IOException: Impossible de trouver une configuration de
>connexion
>  
>
Hehe :-) Pas mal comme message d'erreur ;-)

>        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
>        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
>        ... 33 more
>I set 
>JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf
>\Sample_jaas.config
>  
>
I never used JAAS this way so I cannot help you. Are you trying to load 
the file from your webapp? Hav eyou try  to put the file inside the war?

-- Jeanfrancois


>The classe that instantiates the login context is located in common/classes
>
>The standard Catalina.policy containts this permission
>
>grant codeBase "file:${catalina.home}/common/-" {
>        permission java.security.AllPermission;
>};
>
>Any ideas ?
>
>Thanks in advance!
>
>-----Message d'origine-----
>De : Jeanfrancois Arcand [mailto:jfarcand@apache.org] 
>Envoyé : mardi 20 juillet 2004 19:52
>À : Tomcat Users List
>Objet : Re: RE : RE : RE : how to access Subject after authentification
>
>
>
>LERBSCHER Jean-Pierre wrote:
>
>  
>
>>Could you tell me what is the correct configuration to access the jaas
>>    
>>
>login
>  
>
>>file with this security manager.
>> 
>>
>>    
>>
>You need to start Tomcat using the -security
>
>./catalina.sh start -security
>
>-- Jeanfrancois
>
>
>  
>
>>Thanks
>>
>>-----Message d'origine-----
>>De : Jeanfrancois Arcand [mailto:jfarcand@apache.org] 
>>Envoyé : mardi 20 juillet 2004 18:42
>>À : Tomcat Users List
>>Objet : Re: RE : RE : how to access Subject after authentification
>>
>>Are you both running with the security manager on? I think that's the 
>>problem...
>>
>>-- Jeanfrancois
>>
>>LERBSCHER Jean-Pierre wrote:
>>
>> 
>>
>>    
>>
>>>Matt I am ok with you! I try the two methods and I have the same results
>>>(null) !
>>>Perhaps we have to configure properly tomcat (?) so that it can record the
>>>subject in the session. Perhaps an authenticator ?
>>>Jean François ! any ideas ?
>>>
>>>The second method is
>>>Subject.getSubject(java.security.AccessController.getContext());
>>>
>>>-----Message d'origine-----
>>>De : Matt Harrison [mailto:matt.harrison@tmd.tv] 
>>>Envoyé : mardi 20 juillet 2004 17:42
>>>À : 'Tomcat Users List'
>>>Objet : RE: RE : how to access Subject after authentification
>>>
>>>I have tried both of these and they both return null!
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>-----Original Message-----
>>>>From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
>>>>Sent: 20 July 2004 16:30
>>>>To: Tomcat Users List
>>>>Subject: Re: RE : how to access Subject after authentification
>>>>
>>>>
>>>>Two ways:
>>>>
>>>>httpSession.getAttribute("javax.security.auth.subject")
>>>>
>>>>or
>>>>
>>>>Subject.getSubject(AccessControl.getContext())
>>>>
>>>>-- Jeanfrancois
>>>>
>>>>Matt Harrison wrote:
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>Sorry for mis-reading your email
>>>>>
>>>>>If anybody out there knows how to retrieve the Subject, 
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>Jean-Pierre and I
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>would most appreciate it!
>>>>>
>>>>>But, if, as I suspect, this is not part of the current 
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>servlet spec, and
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>thus not part of Tomcat, can I make a request for this to be 
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>included next
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>time round?
>>>>>
>>>>>I work around this by concatenating all the information I 
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>require from the
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>subject into the Principal's name in my JAAS login module, as a
>>>>>java.security.Principal object is available from the request 
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>object in
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>Tomcat. But I guess this isn't an option for this problem.
>>>>>
>>>>>Matt
>>>>>
>>>>>
>>>>>
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: LERBSCHER Jean-Pierre 
>>>>>>[mailto:jean-pierre.lerbscher@cofiroute.fr]
>>>>>>Sent: 20 July 2004 15:40
>>>>>>To: 'Tomcat Users List'
>>>>>>Subject: RE : how to access Subject after authentification 
>>>>>>
>>>>>>
>>>>>>Thanks Matt !
>>>>>>My problem is that have to call EJB deployed in Weblogic 
>>>>>>application server
>>>>>>      
>>>>>>
>>>>>>         
>>>>>>
>>>>>>            
>>>>>>
>>>>>>from servlet components. I use the weblogic api to propagate 
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>>>the security
>>>>>>information from tomcat to WLS. This api uses the subject! 
>>>>>>      
>>>>>>
>>>>>>         
>>>>>>
>>>>>>            
>>>>>>
>>>>Thus it is
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>>necessary that I can reach it.
>>>>>>
>>>>>>-----Message d'origine-----
>>>>>>De : Matt Harrison [mailto:matt.harrison@tmd.tv] 
>>>>>>Envoyé : mardi 20 juillet 2004 15:59
>>>>>>À : 'Tomcat Users List'
>>>>>>Objet : RE: how to access Subject after authentification 
>>>>>>
>>>>>>Hi
>>>>>>
>>>>>>I had a similar question a while back and never really got it fully
>>>>>>resolved, but I found that Tomcat doesn't save the subject as 
>>>>>>a session
>>>>>>attribute.
>>>>>>
>>>>>>However in your case you don't need to access the subject. In 
>>>>>>the web.xml
>>>>>>file for your app, you can define what roles have access to 
>>>>>>each resource
>>>>>>(jsp, servlet) and have your JAAS login module assign these 
>>>>>>roles to the
>>>>>>subject - i.e. container managed security. 
>>>>>>
>>>>>>e.g. add to web.xml (gives access to logins with role "user" 
>>>>>>to all of your
>>>>>>application):
>>>>>>
>>>>>>   <security-constraint>
>>>>>>		<web-resource-collection>
>>>>>>			
>>>>>><web-resource-name>myApplication</web-resource-name>
>>>>>>			<url-pattern>/*</url-pattern>
>>>>>>		</web-resource-collection>
>>>>>>		<auth-constraint>
>>>>>>			<role-name>user</role-name>
>>>>>>		</auth-constraint>
>>>>>>	</security-constraint>
>>>>>>	<security-role>
>>>>>>		<role-name>user</role-name>
>>>>>>	</security-role>
>>>>>>
>>>>>>see the tomcat docs for more info
>>>>>>
>>>>>>Matt
>>>>>>
>>>>>> 
>>>>>>
>>>>>>      
>>>>>>
>>>>>>         
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: LERBSCHER Jean-Pierre 
>>>>>>>[mailto:jean-pierre.lerbscher@cofiroute.fr]
>>>>>>>Sent: 20 July 2004 14:42
>>>>>>>To: 'tomcat-user@jakarta.apache.org'
>>>>>>>Subject: how to access Subject after authentification 
>>>>>>>
>>>>>>>
>>>>>>>Hi,
>>>>>>>
>>>>>>>I am using JAAS authentification module to authenticate user 
>>>>>>>within tomcat
>>>>>>>5.0.27.
>>>>>>>
>>>>>>>After the authentification, I want to control access to 
>>>>>>>resources (like ejb
>>>>>>>deployed in weblogic application server).
>>>>>>>
>>>>>>>To control access, I have to use weblogic api with the 
>>>>>>>Subject instance
>>>>>>>delivred by authentification to tomcat.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>The problem is : how can I get the subject object.. I try
>>>>>>>session.getAttribute( "javax.security.auth.subject" ); but it

>>>>>>>seems that I
>>>>>>>can't access to this information !
>>>>>>>
>>>>>>>Any ideas?
>>>>>>>
>>>>>>>Thanks,
>>>>>>>
>>>>>>>
>>>>>>>   
>>>>>>>
>>>>>>>        
>>>>>>>
>>>>>>>           
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>>------------------------------------------------------------
>>>>>>      
>>>>>>
>>>>>>         
>>>>>>
>>>>>>            
>>>>>>
>>>>---------
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>>>
>>>>>>
>>>>>>------------------------------------------------------------
>>>>>>      
>>>>>>
>>>>>>         
>>>>>>
>>>>>>            
>>>>>>
>>>>---------
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>>>
>>>>>> 
>>>>>>
>>>>>>      
>>>>>>
>>>>>>         
>>>>>>
>>>>>>            
>>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>> 
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message